Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 317

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.

Please click Here to read the full story.
 
Other Top and Latest Questions:
ASML rises 4% after hiking sales forecast for second time this year on strong AI chip demand
Post-termination Professional Leave due to Autism
Special Event: Rifftrax: BLACK BELT ANGELS
Maximum Pleasure Guaranteed: Full season 1
Book: The September House
Silo: It's All Good
Movie: Tokyo Gore Police
Current and former employees sue Meta, alleging discrimination in using AI to conduct layoffs
Why Europe is suddenly betting big on drones
U.S. trade official says 'very few' Nvidia H200 AI chips have been shipped to China